/**
 * 	 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *   @author Colin Redmond
 *   Copyright (C) 2011 Colin Redmond
 *
 *   Licensed under the Apache License, Version 2.0 (the "License");
 *   you may not use this file except in compliance with the License.
 *   You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 *   Unless required by applicable law or agreed to in writing, software
 *   distributed under the License is distributed on an "AS IS" BASIS,
 *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *   See the License for the specific language governing permissions and
 *   limitations under the License.
 */

package com.cred.industries.platform.business.security;

/**
 * 	There are two types of authorization.
 *  There is modify privileges, the user can modify some aspects of the Business Objects but not all
 *  There is the super user privileges, they can modify any aspect of the Business with the exception of auto generated PK's
 *	Each BO's will have different requirements for authorizedToModify and authorizedAsSuperUser
 *	
 *	Although it would be possible to check permission in the getter and setters, it would be too much overhead, 
 *	so we will let the facade deal with security enforcement.
 *	
 *	returns true if the authenticated can modify the BusinessObject
 *	for CustomerBO that is either the self, CS or admin
 * 
 */

public interface Authorization {

	/**
	 * used to control who can update this BO.
	 * @return true if the authenticated can modify the BusinessObject
	 */
	boolean authorizedToModify();
	
	/**
	 * used to control who can read this BO. 
	 * @return true if the authenticated can read the BusinessObject
	 */
	boolean authorizedToAccess();

	/**
	 * used to control access to parts of the BO. For example, in the Customer BO we only want a super user
	 * to be able to change the presona name. 
	 * @return true if the authenticated user can modify/read any part of the BusinessObject as the SuperUser
	 */
	boolean authorizedAsSuperuser();

}